19 matches found

Packet Storm
added 2020/09/22 12:0 a.m. · 477 views

Jenkins 2.56 CLI Deserialization / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...

7.5 CVSS · 0.4 AI score · 0.94479 EPSS
Exploits 36
NVD
added 2019/03/21 4:0 p.m. · 10 views

CVE-2018-20220

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...

7.5 CVSS · 7.6 AI score · 0.43602 EPSS
Exploits 4 · References 3
OSV
added 2019/03/21 4:0 p.m. · 1 views

CVE-2018-20219

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...

8.1 CVSS · 5.8 AI score · 0.42901 EPSS
Exploits 4 · References 3
NVD
added 2019/03/21 4:0 p.m. · 14 views

CVE-2018-20219

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...

9.3 CVSS · 8.3 AI score · 0.42901 EPSS
Exploits 4 · References 3
Prion
added 2019/03/21 4:0 p.m. · 11 views

Authentication flaw

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...

5 CVSS · 8 AI score · 0.43602 EPSS
Exploits 4 · References 3 · Affected Software 3
Prion
added 2019/03/21 4:0 p.m. · 16 views

Authentication flaw

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...

9.3 CVSS · 8.7 AI score · 0.42901 EPSS
Exploits 4 · References 3 · Affected Software 3
Prion
added 2019/03/21 4:0 p.m. · 18 views

Command injection

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

10 CVSS · 9.7 AI score · 0.30681 EPSS
Exploits 5 · References 2 · Affected Software 3
Cvelist
added 2019/03/17 8:41 p.m. · 12 views

CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

9.8 AI score · 0.30681 EPSS
Exploits 5 · References 2
CVE
added 2019/03/17 8:41 p.m. · 72 views

CVE-2018-20218

Summary (CVE-2018-20218): Teracue ENC-400 devices running firmware 2.56 or below are affected by a command-injection vulnerability in the login form. The issue arises because the login input is passed directly to a shell command in /usr/share/www/check.lp without escaping or validation, enabling ...

10 CVSS · 9.7 AI score · 0.30681 EPSS
Exploits 5 · References 2 · Affected Software 1
Exploit DB
added 2016/11/21 12:0 a.m. · 62 views

WordPress Plugin Olimometer 2.56 - SQL Injection

Exploit Title: Olimometer Plugin for WordPress – Sql Injection Date: 14/11/2016 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins/olimometer/ Software Link: https://wordpress.org/plugins/olimometer/ Contact: infoattad.group Website: https://tad.group Category: Web Applicati...

7.4 AI score
Exploits 0
seebug.org
added 2016/09/18 12:0 a.m. · 14 views

Joomla jVoteSystem 2.56 Component parameter keyword time delay injection vulnerability

No description provided by source...

7.1 AI score
Exploits 0
Packet Storm
added 2016/09/12 12:0 a.m. · 31 views

Joomla jVoteSystem 2.56 SQL Injection

Exploit Title : Joomla jVoteSystem 2.56 Component - SQL Injection Exploit Author : Persian Hack Team Vendor Homepage : https://joomess.de/projects/jvotesystem Category Webapps Tested on Win Version : 2.56 Date 2016/09/08 PoC = Sql Injection : Keyword Parameter Vulnerable To SQL Demo :...

0.3 AI score
Exploits 0
Prion
added 2014/05/17 7:55 p.m. · 16 views

Design/Logic Flaw

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2)...

8.5 CVSS · 6.8 AI score · 0.28126 EPSS
Exploits 6 · References 5 · Affected Software 1
Packet Storm
added 2010/09/28 12:0 a.m. · 17 views

BS.Player 2.56 Denial Of Service

!/usr/bin/python Exploit Title: BS.Player 2.56 Build 1043 .m3u and .pls Denial of Service Date: September 27, 2010 Author: modpr0be Software Link: http://www.bsplayer.com/bsplayer-setup.exe Version: 2.0.0 Tested on: Windows XP SP3/2003 CVE : - How it works? Open BS.Player -- Open the Playlist...

7.4 AI score
Exploits 0
Packet Storm
added 2010/08/30 12:0 a.m. · 18 views

BS Player 2.56 DLL Hijacking Exploit

/ Description: BS Player 2.56 vulnerable for another DLL Preloading on ehtrace.dll while loading .mp3 content. Date: August 29, 2010 Author: Classity Security Scans PoC: Displaying message box, but can be replaced by DLL with arbitrary payload. / include define DllExport declspec dllexport BOOL...

0.1 AI score
Exploits 0
0day.today
added 2010/08/25 12:0 a.m. · 16 views

BS.Player <= 2.56 build 1043 DLL Hijacking Exploit (mfc71loc.dll)

Exploit for windows platform in category local exploits ================================================================= BS.Player int main WinExec"calc", SWNORMAL; exit0; return 0; BOOL WINAPI DllMainHINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved main; return 0; 0day.today 2018-04-08...

6.8 AI score
Exploits 0
Positive Technologies
added 2008/06/12 12:0 a.m. · 3 views

PT-2008-2565 · Backweb +1 · Backweb +1

Name of the Vulnerable Software and Affected Versions: BackWeb versions prior to 8.1.1.87 Logitech Desktop Manager versions prior to 2.56 Description: The issue is related to multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control. This allows remote attackers to...

9.3 CVSS · 7.7 AI score · 0.3707 EPSS
Exploits 1 · References 12
securityvulns
added 2006/04/26 12:0 a.m. · 59 views

XSS in WSN Links 2.56

WSN Links 2.56 Home Page: http://scripts.webmastersite.net/wsnlinks/ Vulnerability: Cross Site Scripting http://links.allmoney.ws/memberlist.php?field=&ascdesc=&page=3&perpage=14"scriptalert/script"...

0.2 AI score
Exploits 0
NVD
added 2005/12/16 11:3 p.m. · 14 views

CVE-2005-4297

Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter...

4.3 CVSS · 5.9 AI score · 0.00346 EPSS
Exploits 0 · References 4